The EU’s General Data Protection Regulation
(GDPR) now requires companies to demonstrate, in particular,
that they have fulfilled the ‘privacy-by-design’ obligation,
according to an in-house lawyer at a medical
technology company. This part of the regulation requires that
the absolute minimum level of data is collected from tech users
and, if this is not feasible, that the company conducts a data
impact assessment, along with various other legal
obligations.

The extraterritorial impact is severe, so
companies all over the world must comply.

"It’s important to realise that data privacy
due diligence is not a tick-box exercise," said Joshua
Cole, managing partner of...